Use Real Client-Side Encryption: Email Services Can Read Your Email

Microsoft had a tip that someone was doing something wrong, so they decided to search that user’s email and hand over the information to a US prosecutor. They didn’t even violate any laws; you agree as part of using Hotmail that Microsoft can access your email to protect Microsoft property.

Nothing prevents any email provider from reading your email, and no major email service offers true client-side encryption. There’s frequently no protection from anyone at those organizations looking at your email. As someone who has had sysadmin rights at large companies, I will tell you that security is often just an illusion. There is a policy, but with little or no enforcement. Take a look at what Edward Snowden could do. If you are a sysadmin there’s often nothing between you and a “treasure chest” of private information.

It’s all trust. You are trusting that your email provider has good employees… and they probably do, but there are always exceptions. (And who knows? If you make it more difficult for intelligence agencies to compromise networks, what stops them from compromising people? People are easier to hack than networks.)

Trust isn’t enough. Users need to be offered the opportunity to use client-side encryption. This is the technology that can act as a check on email providers. If a user wants to encrypt an email they should be able to send an email provider an encrypted message and send the key to a third party. This is Virtru’s approach for client-side encryption, and it protects against both passive surveillance and inappropriate access. Your email provider shouldn’t have the option to read your email if you don’t want them to. Your private information is just that – private.